GCHQ chief reports 'disturbing' cyber-attacks on UK

 
Cyber security analyst in the US The UK says cyber crime is as serious a threat as international terrorism

Cyber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence agency.

Government computers, along with defence, technology and engineering firms' designs have been targeted, Iain Lobban, the head of GCHQ, has said.

China and Russia are thought to be among the worst culprits involved in cyber attacks.

On Tuesday, the government hosts a two-day conference on the issue.

Foreign Secretary William Hague convened the London Conference on Cyberspace after criticism that ministers are failing to take the threat from cyberwarfare seriously enough.

It aims to bring together political leaders, such as US Secretary of State Hillary Clinton and EU digital supremo Neelie Kroes, with leading cybersecurity experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales and Cisco vice-president Brad Boston.

Analysis

The threats from cyberspace are growing increasingly complex and sophisticated.

They range from cybercriminals seeking to steal credit cards to groups of hackers seeking to cause trouble. Equally, it can involve states seeking to steal secrets or even carry out attacks, as happened on Iran's nuclear programme with the Stuxnet virus.

The overlap between these groups - with states sometimes subcontracting work out to criminal networks - only increases the problems of working out who is behind any attack.

Governments have been struggling to keep pace with what is taking place and London is playing host to a major conference on the subject starting Tuesday with delegates invited from around the world.

Part of the aim of the meeting is to seek ways of making cyberspace more secure.

Mr Hague believes a "global co-ordinated response" is required to forge policy on cyber development.

Baroness Pauline Neville Jones, the prime minister's special representative to business on cybersecurity, said Russia and China were some of the worst culprits involved in cyber-attacks.

"It's damaging in the end to try and play both sides," she said.

"If you are a company that comes from a country like China you can suffer if in the end people believe it's threatening to employ your products."

Writing in the Times, Mr Lobban said: "The volume of e-crime and attacks on government and industry systems continues to be disturbing".

"I can attest to attempts to steal British ideas and designs - in the IT, technology, defence, engineering and energy sectors, as well as other industries - to gain commercial advantage or to profit from secret knowledge of contractual arrangements.

"Such intellectual property theft doesn't just cost the companies concerned; it represents an attack on the UK's continued economic wellbeing."

Mr Lobban added that government online taxation and benefits services could be targeted in future, and said a black economy had already developed which saw UK citizens' credit card details offered for sale.

'Rich pickings'

The Ministry of Defence foiled more than 1,000 cyber-attacks in the last year from criminals and foreign intelligence services.

The Foreign Secretary William Hague revealed in February that computers belonging to the government had been infected with the "Zeus" computer virus, after users opened an e-mail purporting to come from the White House and followed a link.

He said cyberspace was providing "rich pickings", with UK defence contractors also being targeted.

In January, three Foreign Office staff were sent an e-mail apparently from another colleague in the Foreign Office.

In fact, Mr Hague said, the e-mail was "from a hostile state intelligence agency" and contained "code embedded in the attached document that would have attacked their machine."

'Unacceptably' high risk

But the government has been criticised for failing to take a strong lead in protecting critical systems such as power and water from cyberattack.

The vast majority of critical infrastructure in the UK is privately owned.

A leading think tank, Chatham House, has said there is a reluctance by government to share information with the private companies that might be targeted.

It also criticised those same companies for putting up with an "unacceptably high level of risk".

Professor Peter Somer - a cybersecurity expert at the London School of Economics - said it may be necessary to force major infrastructure companies to invest in protecting themselves against cyber attack.

"We may need to get to the point where we say .... you have to have a licence and a condition of the licence is going to be having adequate protection and having contingency plans. They are not going to like it."

The government says it ranks cybersecurity as a top priority.

Last year it announced £650m of additional funding to help tackle computer-based threats.

Around £130m, or 20%, is specifically earmarked for critical infrastructure projects.

 

More on This Story

The BBC is not responsible for the content of external Internet sites

Comments

This entry is now closed for comments

Jump to comments pagination
 
  • Comment number 186.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • rate this
    -2

    Comment number 185.

    We either treat the whole world as an enemy, and keep the CIA, M16, GCHQ etc... with all their black ops, renditions, and destablisation and warfare ...

    or we treat the whole world as our friends.

    The choice that man makes determines whether he will survive the next 200 years and whether he has learnt anything from the previous 2000.

  • rate this
    0

    Comment number 184.

    My wife and my self have been sent e mails from customs and revenue saying you are owed a tax rebate of several hundreds off pounds they are asking for some bank details these e mails look genuine but are fake they are using a phishing program if any one gets such an e mail please phone up the tax revenue people and let them know

  • rate this
    +2

    Comment number 183.

    We could start by ensuring that all government commissioned systems are built in the UK, by a British owned company and overseen at all stages by an independent expert. That would surely remove any 3rd party 'persuasion'. Then add security, again independently verified. Lastly, employ the best hackers to find the weak leaks and fix them. Not foolproof, but a start.

  • rate this
    +1

    Comment number 182.

    It has taken a long time to recognise just the seriousness of this threat. It first became obvious when hacking developed. And yet there are still those who cannot see the huge potential of this global weopon. None so blind as will not see.

  • Comment number 181.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • rate this
    +4

    Comment number 180.

    As an IT manager responsible for securing data systems which contain sensitive information, I'd like to share a small extract from an email from a senior manager:

    "data protection gets in the way of our jobs and encryption drives me up the wall"

    Most of the problems stem from this typical high-level apathy towards basic security.

  • rate this
    +3

    Comment number 179.

    .
    That's a surprise.

    There's buggerall worth nicking in the crappy ol' country !!

  • rate this
    +1

    Comment number 178.

    We didn't actually need to know this, did we? If the security services were any good they would have just got on with doing what they are supposed to do, i.e. security. You don't do real security by blabbing about your problems to a load of people who do not need to know!

  • rate this
    -2

    Comment number 177.

    Government trying to patch together a dodgy dosier to justify invading Syria and Iran. Nothing more!

  • rate this
    +2

    Comment number 176.

    164. AuntieLeft
    8 MINUTES AGO
    I think it is disturbing that the EU goes cap in hand to China, where most of these cyber attacks and industrial espionage originate.
    ---
    Indeed.
    Unfortunately money clouds all issues concerning China.
    In addition, they dont abide by any competition or fair trading practices.
    Filthy moolah always holds sway in the free market though doesnt it?

  • rate this
    +2

    Comment number 175.

    Any company or goverment who leave such information of computer linked to the internet are failing in their duty to protect that information. It's pointless goverment ministers and other bosses discussing and making laws/rule of such issue when it the very same ministers and bosses who over rule security staff trying to do their job.

  • rate this
    +2

    Comment number 174.

    56.Libertarian Contrarian
    Your comments show you really know very little about computers and os'es.
    More often than not we are now finding the error is not with the OS but with social engeneering and user errors such as weak passwords, giving out information they should not or even just losing machines, or not following best practices all of which can impact any type of opperating system.

  • rate this
    0

    Comment number 173.

    They really need to qualify what form these 'attacks' take.

    For example you may here "The CIA were hacked and thier website made unavailable!" what this actually translates to is "someone tore down a poster but up by the US government". It's easy to mess with networks but very hard to retrieve actual meaningful data. I doubt we need to be alarmed just yet.

  • rate this
    0

    Comment number 172.

    Cyber security is a reactive solution for most companies. And for home users,practicably unheard of. How many people use online banking??? How many people respond to phishing emails??
    These are two big security flaws that poeple are sucked into. Unless you get educated about the dangers of been online at home and at work this will go on.
    But yet again, this is reactive. Never proactive

  • rate this
    0

    Comment number 171.

    People who do it for profit should be punished and people who do it to make or prove a point positively should be listened 2 and understood,in summary (Human Nature).

  • rate this
    -1

    Comment number 170.

    I (personally) get 2,500 to 3,000 spam a day and our systems get attacks ranging from about 500,000 to 1.5M queries/second at least once a month - this isn't news this is the reality for most businesses.

  • rate this
    -1

    Comment number 169.

    WE have always been a soft touch thats why we have so many imergrants over here.Some one hasalready tried to move my benefits so the job center put a stop on my benefits and i had to get in touch with them.Must be a lucretive buissness.

  • rate this
    +1

    Comment number 168.

    Great and my local Tory Council (Hillingdon) use the 'Cloud' meaning they have moved all sensitive data from secure flash drives to on-line, much easier to for anyone to steal.... I'm sure the government will do the same; if they haven't already. Would you put your data in a safe in you home or leave it outside where anyone could have a go at stealing it?

  • rate this
    +2

    Comment number 167.

    113 Megan
    "Odd that despite the 'threat' GCHQ isn't hiring... being out of work and competent in this area, I looked - no joy :("

    GCHQ have regular recruitment sessions where you go through several exams and group interviews. You're likely not qualified enough to get into the first one if you've not been invited. Check their website.

 

Page 8 of 17

 

More UK stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.